Privacy policy

Last updated: 23 September 2025 

1. Who We Are 

umi cycle Ltd ("we", "us", "our") is an Irish‑based company selling menstrual discs through our website https://umicycle.com/ 

2. Personal Data We Collect 

  • Identifiers: name, postal address, email, phone.
  • Transaction data: products purchased, order value, delivery info, payment method (processed by our payment provider; we do not store full card details).
  • Account data: password (hashed), order history, preferences.
  • Device & Usage data: IP address, browser type, operating system, device identifiers, pages visited, referring URLs, timestamps, and other technical log data.
  • Cookies & similar technologies. Visit our Manage Cookies page.
  • Sensitive data: We do not actively seek health or medical information. If you voluntarily share such details (e.g., cycle‑related issues, allergies) in customer communications, we will use them only to address your query. This data is not automatically deleted and may be retained in line with our general support or review practices.

3. How We Collect Data 

  • Directly from you when you place an order, create an account, contact support, or subscribe to marketing.
  • Automatically via cookies, pixels and server logs.
  • From social‑media platforms when you interact with our ads or profiles. 

4. Why We Process Your Data & Legal Bases 

Purpose 

Examples 

Legal basis (GDPR) 

Fulfil orders & provide customer service 

processing payment, shipping, returns 

Contract Art. 6 (1)(b) 

Marketing (email, SMS, social‑media retargeting) 

newsletters, discount codes, personalised ads 

Consent Art. 6 (1)(a) or Legitimate Interests Art. 6 (1)(f) where permitted 

Analytics & site optimisation 

understanding traffic, improving UX 

Legitimate Interests Art. 6 (1)(f) and/or Consent Art. 6 (1)(a), depending on your cookie preferences.

Fraud prevention & security 

detecting misuse 

Legitimate Interests Art. 6 (1)(f) 

Legal / tax / medical‑device obligations 

record keeping, post‑market surveillance 

Legal obligation Art. 6 (1)(c) 

Handling health‑related queries you send us 

customer support 

Explicit consent Art. 9 (2)(a) 


5. Who We Share Data With 

  • E‑commerce & hosting: Shopify International Ltd., Canada (storefront, checkout).
  • Payment processors: e.g., Stripe, PayPal (card data handled directly by them).
  • Delivery providers: national and international postal / courier services.
  • Marketing & analytics partners: Meta Platforms Ireland Ltd. (Facebook & Instagram), TikTok Technology Ltd., Google LLC (Analytics). These partners may place their own cookies or pixels on our site to personalise and measure ads. Data may be used to build advertising audiences and track engagement across platforms.
  • Professional advisers & authorities where required by law, for audits, or to enforce our terms

We do not sell or rent your personal data. 

6. International Transfers 

Some partners process data outside the European Economic Area (EEA), for example in the United States or Canada. Where this occurs, we rely on the lawful transfer mechanisms they have implemented, such as the European Commission’s Standard Contractual Clauses or an adequacy decision (e.g., for Canada). 
TikTok data is processed by TikTok Technology Ltd. (EU) and may be transferred to other TikTok group entities outside the EEA. We rely on their Standard Contractual Clauses and supplementary measures to safeguard these transfers.

7. Cookies & Similar Technologies 

When you first visit, a banner lets you choose which non‑essential cookies (ads / analytics) you accept. You can change your preferences at any time via the “Cookie Settings” link in our footer or through your browser. 

8. Data Retention 

  • Order records: 7 years (tax & accounting).
  • Marketing‑consent data: until you withdraw consent or after 2 years of inactivity.
  • Customer‑support threads: 24 months after closure unless needed for legal claims.
  • Public reviews or testimonials: retained indefinitely unless you request removal.

9. Security 

We follow industry‑standard practices such as encryption in transit (TLS), secure server environments and role‑based access. No transmission or storage system is guaranteed 100 % secure; if we become aware of a data breach affecting you, we will notify you as required by law. 

10. Your Rights 

You can ask us to access, correct, erase, restrict or transfer your personal data, or object to certain processing. You may withdraw marketing consent at any time (unsubscribe link or email us). To exercise any right, email info [at] umicycle [dot] com. 

If you believe your data has been mishandled, you can complain to the Irish Data Protection Commission (21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland) or to your local supervisory authority. 

11. Children 

Our Site and products are intended for people aged 16 and over. We do not knowingly process personal data of children under 16. If you believe we have inadvertently collected such data, please contact us and we will delete it. 

12. Changes 

We may update this Policy from time to time; the latest version will always be posted on this page with a new “Last updated” date. 

13. Contact Us 

umi cycle Ltd 

Email:  info [at] umicycle [dot] com

Postal address: 87 Ard Na Mara, Blackrock, Dundalk, Co. Louth, Ireland